NASA IV&V Information Assurance Engineer
Job Type Full-time
Job Status Sourcing
Date Posted Wednesday, 21 February 2018
Location Fairmont, WV
Job Description

NASA Information Assurance Engineer

Job Location – WV -Fairmont

Requisition ID: 2017-38519

Category: Cyber Security


MPL Corporation is seeking an Information Assurance Engineer to join our team of qualified, diverse individuals. This position will be located in Fairmont, WV. In Fairmont, WV, we support NASA’s Independent Verification and Validation (IV&V) Program, delivering analysis, validation and verification of safety-critical and mission-critical software for important NASA science and human exploration programs.

Roles and Responsibilities – as a member of a team of program IA engineers:  

  • Performs independent assessments (system and software security vulnerability, threat, and risk assessments) on development and large-scale operational environments. 

  • Performs full-lifecycle (i.e., Concept to Deployment) Information Assurance (IA) security analyses to ensure the logical and systematic conversion of customer or product requirements into total secure systems solutions that acknowledge technical constraints. 

  • Performs NIST security control assessments in support of Assessment and Authorization (A&A) / Certification & Accreditation (C&A) processes. 

  • Performs analysis of systems security and software architecture, system security and software requirements, system and software design, source code, and the developer’s unit, build, and systems integration test products.  Performs functional analysis, timeline analysis, detail trade studies, and requirements allocation and interface definition studies to evaluate compliance of software/systems developer’s software security specifications and requirements to the software security standards (e.g., NIST Standards). 

  • Performs mentoring and training on information assurance methodologies/techniques.   

  • Interacts directly with targeted development program personnel providing a suitable interface for the program to gain access to the results of IV&V IA analyses.  

  • Collaborates with cross-functional teams of security and systems analysts performing assessments and/or verification and validation analyses. 

  • Analyzes effectiveness/efficiency of the NASA IV&V program's security analysis procedures and processes, and develops/recommends improvements. 

  • Prepares presentations, reports, research, and other contract deliverables related to mission assurance analyses performed. 

  • Supports IV&V project lead directly as knowledgeable reviewer of IV&V security analysis products and services.  Participates in Risk Management process as it relates to execution of the mission assurance and/or IV&V projects and to the software/systems development project being evaluated by the IV&V team. 

  • Performs technical task planning and supports the Project Lead in the execution and control of the tasks.  Participates in selected programs, events, and meetings involving staff, Government customers, and visitors.  Work is performed on-site in Government facilities. 

Occasional travel may be required.

Required Qualifications

  • Experience in one or more of the following:

  1. Security engineering and analysis, architecture, design, NIST, security controls, Certification & Accreditation (C&A), Assessment & Authorization (A&A), risk assessment, vulnerability and threat assessment.

  2. Performing independent security assessments on mission-critical systems.

  3. Selecting, implementing, documenting, and assessing NIST security controls on large complex mission-critical systems.

  4. Writing, managing, and/or adjudicating System Security Plans (SSP) and all associated security controls documentation.

  • Working knowledge of applying Information Assurance techniques in all system development life-cycle phases.

  • Knowledge of operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, programming languages (C/C++, Java, Perl, Python, Assembly), firewalls. Experience applying NIST 800-37 and 800-53 to development and operational systems. 

  • Minimum 15 years of experience with a Bachelor’s degree in Computer Science, Systems Engineering, Aerospace Engineering, Electrical Engineering, Computer Engineering, Information Systems, or other software-related engineering program, OR an additional 4 years of directly related experience in lieu of degree.

  • Excellent writing and communication skills are required, and ability to interact well in group meeting/working environments.

  • Proficiency with MS Office (Word, Excel, PowerPoint, Outlook).

Must be able to obtain and maintain a TS/SCI Security Clearance 

Desired Qualifications

  • Experience developing or institutionalizing a cross program or organization information assurance or cyber risk management framework that includes specific processes or methods to be applied at the tactical or operational level

  • Understanding of classified risk development, mitigation and communication. Able to identify the communication stakeholders based on the nature of the classification of the risk

  • CISSP or experience and expertise in the following domains: Access Control, Telecommunications and Network Security, Information Security Governance and Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operations Security, Business Continuity and Disaster Recovery Planning, Legal, Regulations, Investigations and Compliance, Physical (Environmental)

  • Experience with FedRAMP and 3PAO.  Familiarity with UML, static code analysis tools, service oriented architecture, agile processes, project planning/integration, and business process engineering. 

  • Security Certifications such as:   Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), EC-Council Certified Security Analyst (ECSA), Licensed Penetration Tester (LPT), Committee on National Security Systems CNSSI-4012, CNSS-4011, NSA-INFOSEC Assessment Methodology (IAM), NSA-INFOSEC Evaluation Methodology (IEM) 

  • Experience and expertise with NASA or military programs involving ground communication systems security. 

MPL Corporation offers an excellent benefits package.  We are dedicated to providing the best possible economic and personal security for each employee.

MPL Corporation is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required.

Email resume to:

How to Apply
Email Resume To

Go back to last page